Windows Source version 8 works with V Communications' Sourcer, version 8.00 and later, to produce commented disassemblies of Windows 16 & 32 bit executables, dynamic link libraries (DLLs), device drivers, and 32-bit virtual device drivers (VxDs). The generated assembly listings are primarily used to improve your understanding of Windows programs, the internals of Windows itself, and help identify and clarify important undocumented services and functions. It should be noted that it will not be immediately practical to re-assemble the outputs.
When used with Windows Source, Sourcer:
Labels exports from an executable, DLL or device driver Identifies, by name, imported function calls, including Windows API calls. Includes CodeView symbols where possible, such as those found in the debugging version of Microsoft Windows. Labels the program's or DLL's main entry point and automatically identifies WinMain In a VxD, identifies, by name, the VxD's API entry points and Control procedure, plus any services the virtual device provides. In a VxD, identifies, by name, all virtual-device services that the VxD calls. Automatically identifies information such as variables in the NULL segment, general protection fault handlers in a __GP block, and APPLOADER functions in a self-loading Windows application. Provides comments for all DOS and DOS Protected-Mode Interface (DPMI) calls made in a Windows program. Makes available for disassembly the many VxDs embedded with the Enhanced mode WIN386.EXE or VMM32.VXD files. Includes symbolic debugging information found in an associated .SYM, .DBG or .PDB files. Provides a readable display of resources, such as menus, dialog boxes, etc., in a Windows executable DLL. Provides the ability to decompress and disassemble self-loading Windows 16 bit executables compressed with PKLite v 2.00 and SLR Optloader.
Ordering Windows Source
About Windows Source
Versions one & two of Windows Source were written by Andrew Schulman, version three was taken over, and significantly upgraded and re-written by Clive Turvey. The new version provides support for Windows '95 & NT Portable Executable (PE) files, OS/2 32 bit Linear eXecutables (LX), enhanced support of Windows & OS/2 16 bit New Executables (NE) and Windows VxDs - 32 bit Linear Executables (LE).
The text processing portions of Windows Source are written in AWK (a pattern-matching language developed by Alfred Aho, Brian Kernighan & Peter Weinberger at AT&T Bell Labs), using the TAWK Compiler from Thompson Automation Software.
Contacting Clive Turvey, the author of Windows Source8
Click the address below and remember that I don't provide free consulting, reverse engineering services, but can provide limited technical support to customers who bought Windows Source from V Communicaions prior to it being discontinued. If you wish to file a bug report please provide everything needed to duplicate the problem. Check that the subject area isn't covered in the links section below.
FREEWARE from the author, these programs lack the ability to create Sourcer definition files. To do that you'll need to buy Windows Source version 3.x
VXDLIB.ZIP -- VxDLib is a utility that I have written that works with the new compressed W4 file format used by VMM32.VXD to archive multiple VxDs for Windows '95: you can dump out the contents of VMM32.VXD, decompress it, recompress it (more tightly than Microsoft), and extract individual VxD's from it. Multiple VxD's can be extracted using wildcards. VXDLIB.ZIP includes VXDLIB.EXE and VXDLIB.DOC. DUMPPE.ZIP -- DumpPE is a utility that dumps the internal structures of Windows '95 & NT Portable Executable files (.EXE, .DLL & .DBG). Includes a rough disassembler that can import symbols in COFF, Codeview, .SYM & .PDB format. Disassembler supports KNI (SSE), 3DNow!, Willamette (SSE2) and Prescott (SSE3) instruction sets. Provides cross referencing, improved output. * New with Core (SSE4), SSE5, Vanderpool (VMX) support DUMPLX.ZIP -- DumpLX is a utility that dumps the internal structures of OS/2 and Windows Linear Executables, both the LE form used by Windows 3.x & '95 VxDs and DOS Extender applications, and the LX form used by OS/2 2.x and Warp. Includes Windows '98 (aka Memphis) VxD export names and a rough disassembler that can import symbols in COFF, Codeview, .SYM & .PDB format. Disassembler supports KNI (SSE), 3DNow!, Willamette (SSE2) and Prescott (SSE3) instruction sets. Provides cross referencing, improved output. * New with Core (SSE4), SSE5, Vanderpool (VMX) support
More FREEWARE tools
TOYS.ZIP -- DumpCV is a utility that dumps Codeview (NB00,01,02,04,05,06,07,08,09 & 11) debug data that is attached to an executable file or within a .DBG file. DumpPDB dumps debug data that is contained in .PDB files (Program Database v2.0 format) created by MSVC 2.xx, 4.xx & 5.00 (all of which are different!). DumpW4 is the precursor to VxDLIB and allows internal inspection of W4 files. * New version, now includes source code for DumpW4 and updated DumpPDB. DUMPCAB.ZIP -- DumpCAB is a utility to examine the internal structure of Microsoft Cabinet Files (MSCF) used in the distribution of Win 95 & NT. This is a new posting, runs under DOS and includes 'C' source code. Standard .CAB files use a compression format called MSZIP, this is the same as PKWare's Deflate encoding, Microsoft, in my opinion, used the public domain INFLATE.C by Mark Adler (1992) as the basis for their decompression engine supplied in EXTRACT.EXE and FDI.LIB. Mark's code is also used with KWAJ Mode 4 compressed archives (DECOMP.EXE) and Microsoft's Plus! DriveSpace 3 "UltraPack" (DRVSPACE.BIN), both of which use the PKWare encoding. Cabinets can also be compressed in a new QUANTUM encoding which can have a sliding window of up to 2MB (Yes, two megabytes!) instead of the 32KB provided by MSZIP. This encoding is likely to become more prevalent as we migrate away from DOS. Check out Microsoft's Cabinet (CAB) Home Page to get a copy of the cabinet resource kits and check out Sven Schreiber's article in May's edition of Dr. Dobb's on how to use them.
More FREEWARE tools to allow Sourcer to disassemble compressed executables & BIOS
UNLZEXE.ZIP -- UnLZEXE is designed to decompress all .EXE files created by LZEXE v0.90 & v0.91. UNPKLITE.ZIP -- UnPKLite is designed to decompress most .EXE files created by PKLite v1.00-2.01 including those made with PKLite Professional using the -e (extra) option and which cannot be expanded using the -x (expand) option of PKLite. * New version, supports 2.00 & 2.01. UNPACK.ZIP -- UnPack is designed to decompress most .EXE files created by Microsoft's EXEPACK/LINK utilities, unfortunately there are so many different versions/mutations that this product could fail occasionally. UNAWARD.ZIP -- UnAward is designed to allow 128k Award Flash ROM images using the Award Decompression BIOS to be decompressed and examined without access to the host motherboard. This might be particularly useful to peripheral vendors who need to know how the chipset on a given motherboard is being programmed and allow them to remedy flaws in the chipset implementation or programming that prevent their product(s) from functioning optimally.